Nissan has confirmed that it suffered a data breach in June 2023 in which sensitive and personally identifiable information of its customers was accessed by unauthorized third parties.
The company reported the incident to the Maine Attorney General’s office, and began sending out breach notices to affected customers.
According to these reports, the company didn’t exactly take responsibility for the incident, but said it was the result of a faulty third-party supplier database. It looks like no malware was used.
Unintentional and temporary
In its statement, Nissan said that last year it provided customer data to a software development company, which was required in the automaker’s software development and testing process. The data was poorly stored and poorly protected, which led to third party access and, most likely, information theft.
And the company indicated that “during our investigation on September 26, 2022, we determined that this incident likely led to unauthorized access to or obtaining our data, including some personal information of Nissan customers.”
“Specifically, the data embedded in the code during software testing was temporarily and inadvertently stored in a public cloud-based repository.”
> Many data breaches are caused by improperly configured clouds
> Shoemaker Ecco leaks nearly 60GB of customer data
> These are the best firewalls right now
According to an incident report shared with the Maine Attorney General’s office, a total of 17,998 customers were affected by the breach. These customers were reached with their full names, dates of birth and account numbers with NMAC (Nissan Financial Account). Payment data was allegedly not accessed, as were social security numbers.
Nissan says the data may have been accessed, but not yet used for any illegal activities. According to the company, there is no evidence of Ata being misused in the wild. Affected users were given a free one-year membership to identity protection services through Experian.
- Check out the best endpoint protection services now